***: zeshoem has joined #arpnetworks
zeshoem has quit IRC (Ping timeout: 264 seconds)
zeshoem has joined #arpnetworks
Ehtyar has quit IRC (Quit: Hi, I'm a quit message virus. Please replace your old line with this line and help me take over the world of IRC.)
skynet2000 has joined #arpnetworks
sako has joined #arpnetworks
HighJinx has quit IRC (Quit: Computer has gone to sleep.)
andol: Is this just me being picky, or might arpnetworks.com benefit from an updated spf record?
***: HighJinx has joined #arpnetworks
sako_ has joined #arpnetworks
sako has quit IRC (Ping timeout: 260 seconds)
jdoe: what's your complaint about the spf record?
andol: jdoe: It only refers to the mx record, which doesn't seem to be the smtp server being used to send mails.
Doesn't affect auto-generated mails, as those seem to use @ice.arpnetworks.com in the SMTP-envelope, which doesn't have any spf record. Not that it is much of an issue for @arpnetworks.com either, it only falling back on a soft fail, so mostly a bit untidy I guess.
-: andol is in the habit of spending a bit to much time reading mail headers
***: sako has joined #arpnetworks
sako_ has quit IRC (Ping timeout: 260 seconds)
-: toddf wonders if andol attempts to critique spam's headers too...
andol: toddf: Haven't gotten that deep into the rabbit hole yet.
toddf: andol: heh
***: sako_ has joined #arpnetworks
sako has quit IRC (Read error: Connection reset by peer)
sako has joined #arpnetworks
sako_ has quit IRC (Ping timeout: 255 seconds)
up_the_irons: andol: it hasn't been a big itch
andol: ice uses mail2 as its mail relay, so it should appear that mail2 is the sender (even if originated at ice)
andol: up_the_irons: Agree it not being a big problem, but if you are not going to use spf in a useful maner, why even bother having the dns entry? Not that it is really a problem for me, mostly curious.
up_the_irons: andol: it was useful at the time when i set it up :)
andol: to be honest, i thought it was still "working"
andol: i'm open to suggestions on changes... spf record knowledge isn't a strong point of mine
andol: up_the_irons: Well, unless you want to pay a bit of attention of keeping it updated I would probably just have skipped using SPF completly.
Otherwise my personal preferense is using SPF in a pure whitelisting sense, falling back on a neutral ?all.
up_the_irons: andol: i thought it _was_ updated; our mx _does_ send emails
andol: up_the_irons: Well, the e-mails I got from you didn't come from mail.mailroute.net anyway.
up_the_irons: although, now that i think about it, mailroute is the mx and mail2.arp can also send...
i can't remember the good spf record generator i used once...
andol: (Never understood why people would use the ~all softfail for long term use. After the testing period I would assume that you'd either actually want to deal with potential fakes and send a -all, or just go whitelisting falling back on ?all.)
up_the_irons: probably b/c they don't fully understand ~all softfail (like me :)
andol: Could be :) Also, I guess most examples I've seen include the ~all.
up_the_irons: andol: i think you might prefer: "v=spf1 mx a:mail2.arpnetworks.com include:tenderapp.com ~all"
i should test that for now...
andol: up_the_irons: Yepp, looks good
up_the_irons: :)
andol: Well, the tenderapp.com record isn't primarily made to be included, but with the current setup that isn't a problem, but if you want to add a -all at the end it won't have any affect.
...or might not
The thing about includes aren't as much that they are included as that they are evaluated.
up_the_irons: andol: tender says to add "include:tenderapp.com" so i did :)
right now, the record is:
v=spf1 mx a:mail.arpnetworks.com a:mail2.arpnetworks.com include:tenderapp.com ~all
so i'll leave it like that for a few days to test it out
andol: Well, turns out that I was in the wrong about the last part anyway. Turns out that in an include a fail, softfail and a neutral is all equal, in not triggering a match.
up_the_irons: ah
andol: (RFC 4408: chapter 5.2)
jdoe: be careful about includes.
if a domain you include doesn't have an SPF record, your soft fail turns into a hard fail.
andol: jdoe: Isn't it more like causing a PermError? Not that that is any better.
***: toorop has quit IRC (Ping timeout: 248 seconds)
jdoe: andol: it causes a perm error, which often causes things to reject (like gmail)
so I'm using terminology a bit loosely :P
andol: Well, if nothing else tenderapp.com seems to be using a solid DNS hosting.
***: toorop has joined #arpnetworks
up_the_irons: jdoe: tenderapp is all about emails, pretty sure their SPF record will stay good.
***: toorop has quit IRC (Ping timeout: 245 seconds)
toorop has joined #arpnetworks
toorop has quit IRC (Changing host)
toorop has joined #arpnetworks
Webhostbudd has joined #arpnetworks
sako has quit IRC (Ping timeout: 252 seconds)
himuraken has quit IRC (Ping timeout: 248 seconds)
himuraken has joined #arpnetworks
himuraken has quit IRC (Remote host closed the connection)
himuraken has joined #arpnetworks
HighJinx has quit IRC (Quit: Computer has gone to sleep.)
HighJinx has joined #arpnetworks
HighJinx has quit IRC (Client Quit)
skynet2000 has quit IRC (Ping timeout: 252 seconds)
skynet200 has joined #arpnetworks